From: Dave on 19 Dec 2009 12:45

Alexander J. Maidak wrote:
> On Sat, 19 Dec 2009 10:22:09 +0000, Dave wrote:
>
>> Alexander J. Maidak wrote:
>>> On Sat, 19 Dec 2009 00:24:19 +0000, Dave wrote:
>>>
>>>> In the global zone, I see:
>>>>
>>>> # netstat -rn
>>>>
>>>> Routing Table: IPv4
>>>>   Destination           Gateway           Flags  Ref     Use     Interface
>>>> -------------------- -------------------- ----- ----- ---------- ---------
>>>> default              128.208.128.129      UG        1         39
>>>> 128.208.128.128      128.208.128.194      U         1          8 nxge0
>>>> 224.0.0.0            128.208.128.194      U         1          0 nxge0
>>>> 224.0.0.0            192.168.2.1          U         1          0 nxge0:1
>>>> 127.0.0.1            127.0.0.1            UH        5        118 lo0
>>>>
>>>> Routing Table: IPv6
>>>>   Destination/Mask            Gateway                   Flags Ref   Use    If
>>>> --------------------------- --------------------------- ----- --- ------- -----
>>>> fe80::/10                   fe80::214:4fff:fee8:b6f6    U       1       0 nxge0
>>>> ff00::/8                    fe80::214:4fff:fee8:b6f6    U       1       0 nxge0
>>>> ::1                         ::1                         UH      1      21 lo0
>>>
>>> Your global zone is going to send any packets for 192.168.2.1 to
>>> 128.208.128.129. Unless 128.208.129.129 has a route to send the data
>>> back to you this isn't going to work.
>>>
>>> The simplest thing to do is set your IP address for your zone to
>>> something like 128.208.128.195, this will work fine as it will share
>>> the IP space with your primary nic.
>>
>> Thank you Alex.
>>
>> Would that not cause problems if there was a machine at 128.208.128.195?
>> (There is one alive at this minute!) There is not one alive currently at
>> 128.208.128.196, but I've not been allocated that IP address, so it's
>> anyone's guess what hassles I would cause using that IP.
>>
>> Getting another static IP is probably not out of the question, but I'd
>> rather not do that. I believe it must be possible to do this without
>> having numerous static IPs. One might typically want to run an ftp
>> server, web server etc all in zones - having static IPs for each would be
>> a bit wasteful.
>>
>>> Otherwise I'd advise you to use an exclusive stack IP zone on nxge1
>>> and join that to the 192.168.2.0/24 network, still the 128.208.128 and
>>> 192.168.2.0/24 networks will require some kind of router to transfer
>>> data between them.
>>
>> I was hoping to do that with ipfilter.
>>
>> I added the following two rules to /etc/ipf/ipnat.conf:
>>
>> rdr nxge0 128.208.128.194/32 port 23 -> 192.168.2.1 port 23
>> rdr nxge0 128.208.128.129/32 port 23 -> 192.168.2.1 port 23
>>
>> and hoped that would route port 23 to the zone. When I enabled telnet in
>> the zone
>>
>> # svcadm enable telnet
>>
>> I was unable to connect via telnet to the zone from the global zone.
>>
>> I would have thought that running a web server in a zone would be quite
>> a common thing for people to do, and so there would be some HOWTO or
>> similar on it. But I can't seem to find anything with Google. Tons of
>> stuff about zones, and tons of stuff about apache, but I can't find
>> anything about how to set up a web server in a zone.
>>
>> Dave
>
> If you just want to get at it from the globalzone you could just put the
> zone on your loopback interface like so:
>
> zonecfg:zone100> add net
> zonecfg:zone100:net> set physical=lo0
> zonecfg:zone100:net> set address=127.0.0.100
> zonecfg:zone100:net> end
>
> Then you can address the zone from the global zone by connecting to
> 127.0.0.100

Thanks,

Would the above configuration be in addition to, or instead of, what I had before:

add net
set address=192.168.2.1
set physical=nxge0
end

I need anyone in the world to be able to connect to the zone - not just me from the global zone. However, perhaps I can do that with ipfilter. I am really out of my depth here.

> I'm not sure what solaris metacluster you've installed is, but if you
> selected SUNWCXall or similar you should have apache2 installed by
> default, in which case:

I do not actually need Apache. Basically the maths software Sage

http://www.sagemath.org/

uses a web based interface (HTTP or HTTPS), so it acts like a 'normal' web server, but runs on port 8000 - you can try it yourself at

http://www.sagenb.org/
or
http://sagenb.kaist.ac.kr/

It is not based on Apache, but essentially if Apache could be made to work, so could the maths software. But telnet was even easier, so I just run a telnet server in the zone.

zone # svcadm enable telnet

Now I have a telnet server running in the zone, but so far I can't connect to it from the global zone. But ultimately, I need to be able to connect to it from any computer on the Internet. (The maths software by default will only accept connections from the local host for security reasons, but that can be overridden.) If I could work out how to let anyone connect to the telnet server, then I could do likewise with the maths software - only the port is different.

--
I respectfully request that this message is not archived by companies as unscrupulous as 'Experts Exchange'. In case you are unaware, 'Experts Exchange' take questions posted on the web and try to find idiots stupid enough to pay for the answers, which were posted freely by others. They are leeches.
From: Dave on 19 Dec 2009 14:10

Alexander J. Maidak wrote:
> If you just want to get at it from the globalzone you could just put the
> zone on your loopback interface like so:
>
> zonecfg:zone100> add net
> zonecfg:zone100:net> set physical=lo0
> zonecfg:zone100:net> set address=127.0.0.100
> zonecfg:zone100:net> end
>
> Then you can address the zone from the global zone by connecting to
> 127.0.0.100

Actually, this seems to allow me to get there from the global zone:

# route add 128.208.128.194 192.168.2.1
add host 128.208.128.194: gateway 192.168.2.1

Whether I can get ipfilter to route arbitrary traffic to there is another matter, but that seems a start.
From: Dr. David Kirkby on 27 Dec 2009 18:33

On Dec 19, 7:10 pm, Dave <f...(a)coo.com> wrote:
> Actually, this seems to allow me to get there from the global zone:
>
> # route add 128.208.128.194 192.168.2.1
> add host 128.208.128.194: gateway 192.168.2.1
>
> Whether I can get ipfilter to route arbitrary traffic to there is another
> matter, but that seems a start.

I finally got this solved by getting another public IP on the same subnet. I'd like to know if it's possible to do this without tying up another IP, but it has solved my problem.
From: John D Groenveld on 27 Dec 2009 19:47

In article <a45d1afe-ddad-4dc9-ba34-f2af00d03ac8(a)j4g2000yqe.googlegroups.com>,
Dr. David Kirkby <david.kirkby(a)onetel.net> wrote:
>subnet. I'd like to know if it's possible to do this without tying up
>another IP, but it has solved my problem.

With Crossbow on Indiana and Nevada, it's easy.
<URL:http://docs.sun.com/app/docs/doc/819-6990>
| docs.sun.com Home > OpenSolaris System Administrator Collection >
| System Administration Guide: Network Interfaces and
| Network Virtualization > Network Virtualization and
| Resource Management > 11. Configuring Virtual Networks (Tasks) >
| Configuring a Private Virtual Network > How to Create Etherstubs and
| VNICs for the Private Virtual Network

# dladm create-etherstub etherstub0
# dladm create-vnic -l etherstub0 vnic0
# dladm create-vnic -l etherstub0 vnic1
# echo 192.168.1.1>/etc/hostname.vnic0
# ifconfig vnic0 plumb `cat /etc/hostname.vnic0` up
# cat <<EOF>>/etc/ipf/ipnat.conf
rdr nxge0 128.208.128.194/32 port 8000 -> 192.168.1.2 port 8000
map nxge0 192.168.1.0/24 -> 128.208.128.194/32 proxy port ftp ftp/tcp
map nxge0 192.168.1.0/24 -> 128.208.128.194/32 portmap tcp/udp auto
map nxge0 192.168.1.0/24 -> 128.208.128.194/32
EOF
# ipnat -CF -f /etc/ipf/ipnat.conf
# zonecfg -z sage
zonecfg -z sage
sage: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:sage> create
zonecfg:sage> set zonepath=/var/opt/zones/sage
zonecfg:sage> set ip-type=exclusive
zonecfg:sage> add net
zonecfg:sage:net> set physical=vnic1
zonecfg:sage:net> end
zonecfg:sage> exit
# zoneadm -z sage install
# zoneadm -z sage boot
# zlogin -C sage

Assign sage the IP address, 192.168.1.2, and set the default router to 192.168.1.1.

Happy hacking!
John
groenveld(a)acm.org
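
The ipnat.conf rules quoted in this thread, run through a short Python audit (an added example, not written by any poster). It flags a redirect whose match address is not one of the host's own, a redirect to a private target that no `map` rule covers, and `map` rules ordered so that an earlier rule shadows a later one. The function names, finding messages and the `local_addrs` argument are assumptions made for this example.

```python
import ipaddress
import re

# Constructed input: the rdr/map rules quoted in the thread, gathered into one file.
SAMPLE_IPNAT = """\
rdr nxge0 128.208.128.194/32 port 23 -> 192.168.2.1 port 23
rdr nxge0 128.208.128.129/32 port 23 -> 192.168.2.1 port 23
rdr nxge0 128.208.128.194/32 port 8000 -> 192.168.1.2 port 8000
map nxge0 192.168.1.0/24 -> 128.208.128.194/32 proxy port ftp ftp/tcp
map nxge0 192.168.1.0/24 -> 128.208.128.194/32 portmap tcp/udp auto
map nxge0 192.168.1.0/24 -> 128.208.128.194/32
"""

RDR = re.compile(r"rdr\s+(\S+)\s+(\S+)\s+port\s+(\d+)\s+->\s+(\S+)\s+port\s+(\d+)")
MAP = re.compile(r"map\s+(\S+)\s+(\S+)\s+->\s+\S+(?:\s+(proxy|portmap)\b.*)?$")
RANK = {"proxy": 0, "portmap": 1, "plain": 2}   # required order, most specific first

def parse(text):
    """Split the file into rdr and map rules, keeping 1-based line numbers."""
    rdrs, maps = [], []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if m := RDR.match(line):
            rdrs.append({"line": n, "ifname": m[1], "match": ipaddress.ip_network(m[2]),
                         "port": int(m[3]), "target": ipaddress.ip_address(m[4])})
        elif m := MAP.match(line):
            maps.append({"line": n, "ifname": m[1], "src": ipaddress.ip_network(m[2]),
                         "kind": m[3] or "plain"})
    return rdrs, maps

def audit(text, local_addrs):
    """Return (line, message) findings; local_addrs are this host's own IPs."""
    rdrs, maps = parse(text)
    local = [ipaddress.ip_address(a) for a in local_addrs]
    findings = []
    for r in rdrs:
        # A redirect only fires for packets addressed to this host.
        if not any(a in r["match"] for a in local):
            findings.append((r["line"], "rdr matches an address this host does not own"))
        # Connections the target originates need a map rule to be NATed.
        if r["target"].is_private and not any(r["target"] in m["src"] for m in maps):
            findings.append((r["line"], "no map rule covers the rdr target"))
    highest = {}
    for m in maps:  # first match wins, so a broader rule must not come first
        key = (m["ifname"], m["src"])
        if RANK[m["kind"]] < highest.get(key, -1):
            findings.append((m["line"], "map rule shadowed by an earlier broader rule"))
        highest[key] = max(highest.get(key, -1), RANK[m["kind"]])
    return findings

def exposed(text):
    """List (public address, port, internal target) published by rdr rules."""
    return [(str(r["match"].network_address), r["port"], str(r["target"]))
            for r in parse(text)[0]]
```

With the global zone's addresses given as 128.208.128.194 and 192.168.1.1, `audit` reports lines 1 and 2 (the two port-23 redirects) and nothing in the Crossbow rules; `exposed` lists every address and port the file publishes to the outside.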
From: David Kirkby on 31 Dec 2009 10:51
On Dec 28, 12:47 am, groen...(a)cse.psu.edu (John D Groenveld) wrote:
> With Crossbow on Indiana and Nevada, it's easy.

Thank you. This was Solaris 10 however. It would be nice to know if this is possible there for future reference, though in this case, I think I'll leave it, as I was the only one concerned this was taking another static IP.

Dave